Aggressive Mode With Rsa Signature Authentication Configuration Example - HPE FlexNetwork 10500 Series Security Configuration Manual

# Specify 123456TESTplat&! in plain text as the pre-shared key to be used with the remote peer at 1.1.1.1.
[SwitchB-ike-keychain-keychain1] pre-shared-key address 1.1.1.1 255.255.255.0 key simple 123456TESTplat&!
[SwitchB-ike-keychain-keychain1] quit
# Create an IKE profile named profile1.
[SwitchB] ike profile profile1
# Specify IKE keychain keychain1.
[SwitchB-ike-profile-profile1] keychain keychain1
# Configure the local ID with the identity type as IP address and the value as 2.2.2.2.
[SwitchB-ike-profile-profile1] local-identity address 2.2.2.2
# Configure a peer ID with the identity type as IP address and the value as 1.1.1.1/24.
[SwitchB-ike-profile-profile1] match remote identity address 1.1.1.1 255.255.255.0
[SwitchB-ike-profile-profile1] quit
# Create an IKE-based IPsec policy entry. Specify the policy name as use1 and set the sequence number to 10.
[SwitchB] ipsec policy use1 10 isakmp
# Specify the remote IP address 1.1.1.1 for the IPsec tunnel.
[SwitchB-ipsec-policy-isakmp-use1-10] remote-address 1.1.1.1
# Specify ACL 3101 to identify the traffic to be protected.
[SwitchB-ipsec-policy-isakmp-use1-10] security acl 3101
# Specify IPsec transform set tran1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] transform-set tran1
# Specify IKE profile profile1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] ike-profile profile1
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply IPsec policy use1 to VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
Verifying the configuration
# Initiate a connection from Switch A to Switch B to trigger IKE negotiation. After IPsec SAs are successfully negotiated by IKE, traffic between the two switches is IPsec protected.
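
An added example, not from the HPE manual: a Python check run over a saved CLI transcript of the Switch B steps above. It flags the plaintext key and confirms that the policy's remote-address falls inside both the keychain address range and the profile's match range. The function name audit and the finding codes are this example's own, and remote-address is assumed to be an IPv4 literal.

```python
import ipaddress
import re

# Constructed sample: Switch B commands from this page, wrapped lines joined.
TRANSCRIPT = """\
[SwitchB-ike-keychain-keychain1] pre-shared-key address 1.1.1.1 255.255.255.0 key simple 123456TESTplat&!
[SwitchB-ike-profile-profile1] keychain keychain1
[SwitchB-ike-profile-profile1] match remote identity address 1.1.1.1 255.255.255.0
[SwitchB-ipsec-policy-isakmp-use1-10] remote-address 1.1.1.1
[SwitchB-ipsec-policy-isakmp-use1-10] ike-profile profile1
"""

PROMPT = re.compile(r"^\[[^\]]+\]\s*(.+)$")  # "[view] command"

def _net(addr, mask="32"):
    # Accepts a dotted mask or a prefix length; host bits are ignored.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(transcript):
    """Return sorted (line_no, code) findings for the IKE transcript."""
    findings, psk, match, remotes = [], [], [], []
    for no, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue
        w = m.group(1).split()
        if w[:2] == ["pre-shared-key", "address"] and "key" in w:
            k = w.index("key")
            psk.append((no, _net(w[2], *w[3:k])))
            if w[k + 1:k + 2] == ["simple"]:
                findings.append((no, "plaintext-psk"))
        elif w[:4] == ["match", "remote", "identity", "address"]:
            match.append((no, _net(w[4], *w[5:6])))
        elif w[0] == "remote-address":
            remotes.append((no, ipaddress.ip_address(w[1])))
    for no, addr in remotes:
        # The tunnel peer must sit inside a keychain range and a match range.
        if not any(addr in n for _, n in psk):
            findings.append((no, "peer-without-psk"))
        if not any(addr in n for _, n in match):
            findings.append((no, "peer-not-matched"))
    for no, n in psk + match:
        # A range wider than the configured peers covers hosts the policy never names.
        if n.num_addresses > len(remotes):
            findings.append((no, "range-wider-than-peers"))
    return sorted(findings)
```

On the page's configuration this reports the plaintext key and the two /24 ranges, which cover 256 addresses while the policy names a single peer.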
Aggressive mode with RSA signature authentication configuration example
This configuration example is not available when the device is operating in FIPS mode.
Network requirements
As shown in Figure 100, configure an IKE-based IPsec tunnel between Switch A and Switch B to secure the communication in between.
Configure Switch A and Switch B to use aggressive mode for IKE negotiation phase 1 and use RSA signature authentication.